Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(145)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/net/certificate_error_reporter.cc

Issue 979893003: Refactor ChromeFraudulentCertReporter for code reuse by SSL reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: use URLRequestMockDataJob to avoid IO in unit test Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/net/certificate_error_reporter.h ('k') | chrome/browser/net/certificate_error_reporter_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" 5 #include "chrome/browser/net/certificate_error_reporter.h"
6 6
7 #include <set> 7 #include <set>
8 8
9 #include "base/base64.h"
10 #include "base/logging.h" 9 #include "base/logging.h"
11 #include "base/profiler/scoped_tracker.h"
12 #include "base/stl_util.h" 10 #include "base/stl_util.h"
13 #include "base/time/time.h" 11 #include "base/time/time.h"
14 #include "chrome/browser/net/cert_logger.pb.h" 12 #include "chrome/browser/net/cert_logger.pb.h"
15 #include "net/base/elements_upload_data_stream.h" 13 #include "net/base/elements_upload_data_stream.h"
16 #include "net/base/load_flags.h" 14 #include "net/base/load_flags.h"
17 #include "net/base/request_priority.h" 15 #include "net/base/request_priority.h"
18 #include "net/base/upload_bytes_element_reader.h" 16 #include "net/base/upload_bytes_element_reader.h"
19 #include "net/cert/x509_certificate.h" 17 #include "net/cert/x509_certificate.h"
20 #include "net/ssl/ssl_info.h" 18 #include "net/ssl/ssl_info.h"
21 #include "net/url_request/url_request_context.h" 19 #include "net/url_request/url_request_context.h"
22 20
23 namespace chrome_browser_net { 21 namespace chrome_browser_net {
24 22
25 // TODO(palmer): Switch to HTTPS when the error handling delegate is more 23 CertificateErrorReporter::CertificateErrorReporter(
26 // sophisticated. Ultimately we plan to attempt the report on many transports. 24 net::URLRequestContext* request_context,
27 static const char kFraudulentCertificateUploadEndpoint[] = 25 const GURL& upload_url)
28 "http://clients3.google.com/log_cert_error"; 26 : request_context_(request_context), upload_url_(upload_url) {
29 27 DCHECK(!upload_url.is_empty());
30 ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter(
31 net::URLRequestContext* request_context)
32 : request_context_(request_context),
33 upload_url_(kFraudulentCertificateUploadEndpoint) {
34 } 28 }
35 29
36 ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { 30 CertificateErrorReporter::~CertificateErrorReporter() {
37 STLDeleteElements(&inflight_requests_); 31 STLDeleteElements(&inflight_requests_);
38 } 32 }
39 33
40 static std::string BuildReport(const std::string& hostname, 34 void CertificateErrorReporter::SendReport(ReportType type,
41 const net::SSLInfo& ssl_info) { 35 const std::string& hostname,
36 const net::SSLInfo& ssl_info) {
42 CertLoggerRequest request; 37 CertLoggerRequest request;
43 base::Time now = base::Time::Now(); 38 std::string out;
44 request.set_time_usec(now.ToInternalValue());
45 request.set_hostname(hostname);
46 39
47 std::vector<std::string> pem_encoded_chain; 40 BuildReport(hostname, ssl_info, &request);
48 if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) { 41
49 LOG(ERROR) << "Could not get PEM encoded chain."; 42 switch (type) {
43 case REPORT_TYPE_PINNING_VIOLATION:
44 SendCertLoggerRequest(request);
45 break;
46 case REPORT_TYPE_EXTENDED_REPORTING:
47 // TODO(estark): Double-check that the user is opted in.
48 // TODO(estark): Temporarily, since this is no upload endpoint, just
49 // log the information.
50 request.SerializeToString(&out);
51 DVLOG(3) << "SSL report for " << hostname << ":\n" << out << "\n\n";
52 break;
53 default:
54 NOTREACHED();
50 } 55 }
51 std::string* cert_chain = request.mutable_cert_chain();
52 for (size_t i = 0; i < pem_encoded_chain.size(); ++i)
53 *cert_chain += pem_encoded_chain[i];
54
55 request.add_pin(ssl_info.pinning_failure_log);
56
57 std::string out;
58 request.SerializeToString(&out);
59 return out;
60 } 56 }
61 57
62 scoped_ptr<net::URLRequest> 58 void CertificateErrorReporter::OnResponseStarted(net::URLRequest* request) {
63 ChromeFraudulentCertificateReporter::CreateURLRequest( 59 const net::URLRequestStatus& status(request->status());
60 if (!status.is_success()) {
61 LOG(WARNING) << "Certificate upload failed"
62 << " status:" << status.status()
63 << " error:" << status.error();
64 } else if (request->GetResponseCode() != 200) {
65 LOG(WARNING) << "Certificate upload HTTP status: "
66 << request->GetResponseCode();
67 }
68 RequestComplete(request);
69 }
70
71 void CertificateErrorReporter::OnReadCompleted(net::URLRequest* request,
72 int bytes_read) {
73 }
74
75 scoped_ptr<net::URLRequest> CertificateErrorReporter::CreateURLRequest(
64 net::URLRequestContext* context) { 76 net::URLRequestContext* context) {
65 scoped_ptr<net::URLRequest> request = 77 scoped_ptr<net::URLRequest> request =
66 context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); 78 context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL);
67 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | 79 request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
68 net::LOAD_DO_NOT_SAVE_COOKIES); 80 net::LOAD_DO_NOT_SAVE_COOKIES);
69 return request.Pass(); 81 return request.Pass();
70 } 82 }
71 83
72 void ChromeFraudulentCertificateReporter::SendReport( 84 void CertificateErrorReporter::SendCertLoggerRequest(
73 const std::string& hostname, 85 const CertLoggerRequest& request) {
74 const net::SSLInfo& ssl_info) { 86 std::string serialized_request;
75 // We do silent/automatic reporting ONLY for Google properties. For other 87 request.SerializeToString(&serialized_request);
76 // domains (when we start supporting that), we will ask for user permission.
77 if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) {
78 return;
79 }
80
81 std::string report = BuildReport(hostname, ssl_info);
82 88
83 scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); 89 scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_);
84 url_request->set_method("POST"); 90 url_request->set_method("POST");
85 91
86 scoped_ptr<net::UploadElementReader> reader( 92 scoped_ptr<net::UploadElementReader> reader(
87 net::UploadOwnedBytesElementReader::CreateWithString(report)); 93 net::UploadOwnedBytesElementReader::CreateWithString(serialized_request));
88 url_request->set_upload( 94 url_request->set_upload(
89 net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0)); 95 net::ElementsUploadDataStream::CreateWithReader(reader.Pass(), 0));
90 96
91 net::HttpRequestHeaders headers; 97 net::HttpRequestHeaders headers;
92 headers.SetHeader(net::HttpRequestHeaders::kContentType, 98 headers.SetHeader(net::HttpRequestHeaders::kContentType,
93 "x-application/chrome-fraudulent-cert-report"); 99 "x-application/chrome-fraudulent-cert-report");
94 url_request->SetExtraRequestHeaders(headers); 100 url_request->SetExtraRequestHeaders(headers);
95 101
96 net::URLRequest* raw_url_request = url_request.get(); 102 net::URLRequest* raw_url_request = url_request.get();
97 inflight_requests_.insert(url_request.release()); 103 inflight_requests_.insert(url_request.release());
98 raw_url_request->Start(); 104 raw_url_request->Start();
99 } 105 }
100 106
101 void ChromeFraudulentCertificateReporter::RequestComplete( 107 void CertificateErrorReporter::BuildReport(const std::string& hostname,
102 net::URLRequest* request) { 108 const net::SSLInfo& ssl_info,
109 CertLoggerRequest* out_request) {
110 base::Time now = base::Time::Now();
111 out_request->set_time_usec(now.ToInternalValue());
112 out_request->set_hostname(hostname);
113
114 std::vector<std::string> pem_encoded_chain;
115 if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain))
116 LOG(ERROR) << "Could not get PEM encoded chain.";
117
118 std::string* cert_chain = out_request->mutable_cert_chain();
119 for (size_t i = 0; i < pem_encoded_chain.size(); ++i)
120 *cert_chain += pem_encoded_chain[i];
121
122 out_request->add_pin(ssl_info.pinning_failure_log);
123 }
124
125 void CertificateErrorReporter::RequestComplete(net::URLRequest* request) {
103 std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); 126 std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request);
104 DCHECK(i != inflight_requests_.end()); 127 DCHECK(i != inflight_requests_.end());
105 scoped_ptr<net::URLRequest> url_request(*i); 128 scoped_ptr<net::URLRequest> url_request(*i);
106 inflight_requests_.erase(i); 129 inflight_requests_.erase(i);
107 } 130 }
108 131
109 // TODO(palmer): Currently, the upload is fire-and-forget but soon we will
110 // try to recover by retrying, and trying different endpoints, and
111 // appealing to the user.
112 void ChromeFraudulentCertificateReporter::OnResponseStarted(
113 net::URLRequest* request) {
114 // TODO(vadimt): Remove ScopedTracker below once crbug.com/422516 is fixed.
115 tracked_objects::ScopedTracker tracking_profile(
116 FROM_HERE_WITH_EXPLICIT_FUNCTION(
117 "422516 ChromeFraudulentCertificateReporter::OnResponseStarted"));
118
119 const net::URLRequestStatus& status(request->status());
120 if (!status.is_success()) {
121 LOG(WARNING) << "Certificate upload failed"
122 << " status:" << status.status()
123 << " error:" << status.error();
124 } else if (request->GetResponseCode() != 200) {
125 LOG(WARNING) << "Certificate upload HTTP status: "
126 << request->GetResponseCode();
127 }
128 RequestComplete(request);
129 }
130
131 void ChromeFraudulentCertificateReporter::OnReadCompleted(
132 net::URLRequest* request, int bytes_read) {}
133
134 } // namespace chrome_browser_net 132 } // namespace chrome_browser_net
OLDNEW
« no previous file with comments | « chrome/browser/net/certificate_error_reporter.h ('k') | chrome/browser/net/certificate_error_reporter_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698